
HuKeping/30dayMakeOS 0

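Chinese-language edition of the source code for the book "30 Days to Make Your Own Operating System". The process of building an operating system (OSASK) yourself.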

HuKeping/arm-trusted-firmware 0

Trusted Firmware-A

HuKeping/bazel 0

a fast, scalable, multi-language and extensible build system

HuKeping/cJSON 0

Ultralightweight JSON parser in ANSI C

HuKeping/configs 0

A repository to hold some configurations

HuKeping/containerd 0

A daemon to control runC

HuKeping/cri-o 0

Open Container Initiative-based implementation of Kubernetes Container Runtime Interface

HuKeping/distribution 0

The Docker toolset to pack, ship, store, and deliver content

HuKeping/docker 0

Docker - the open-source application container engine

HuKeping/docker-bench-security 0

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production. https://dockerbench.com

pull request comment HuKeping/rbtree

Fix golint #33

Could you please add your sign-off? The rest LGTM.

u5surf

comment created time in 7 days

issue comment DaveGamble/cJSON

using 1.7.12 coredump

Any steps to reproduce this, @cjsheng?

cjsheng

comment created time in 7 days

issue comment DaveGamble/cJSON

the check for NaN and Infinity is somewhat misleading

I don't think float-equal compiling option is necessary when the comparing is safe.

Yes, I totally agree, but what makes me sad is that, considering integrating cJSON with other projects, it's better to keep this option on. With this option in place, I cannot use d*0 != 0 to check for NAN and INF.

People may add -Werror=float-equal in their project for security purposes (in case someone compares floating-point values with == by mistake). If we drop this compile option in cJSON and do some float comparisons using == and !=, they will fail when building their own project with the source of cJSON.

So, I think the problem for now is: how to check for NaN and INF in C89 with the compile option "Werror=float-equal" enabled.

I've created an issue at Stack Overflow for this.

HuKeping

comment created time in 7 days

issue comment DaveGamble/cJSON

use the general comparison epsilon value to perform approximate comparisons

I prefer using the macro DBL_EPSILON, which has already been defined in <float.h>, since the definition of DBL_EPSILON is: the minimum positive number such that 1.0 + DBL_EPSILON != 1.0.

HuKeping

comment created time in 7 days

Pull request review comment HuKeping/rbtree

Fix golint #33

 func (t *Rbtree) Delete(item Item) Item { 	return t.delete(&Node{t.NIL, t.NIL, t.NIL, RED, item}).Item } +//Get search the node which includes its node
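
Review bot: the added doc comment `//Get search the node which includes its node` has no space after `//` and does not read as a sentence, so a caller cannot tell what `Get` takes or what it returns when the item is absent. Reword it as a full sentence that starts with the function name and states the not-found result.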

how about something like

// Get search for the specified item (which was carried by a Node)  in the tree, return nil if not found.

u5surf

comment created time in 8 days

Pull request review comment HuKeping/rbtree

Fix golint #33

 type Node struct { }  const (-	RED   = 0+	// RED represents the color of the node is red+	RED = 0+	// BLACK represents the color of the node is brack
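
Review bot: the new comment on the last added line misspells the colour, `// BLACK represents the color of the node is brack` should end in "black". Both added comments would also read more naturally as "RED marks a node as red" and "BLACK marks a node as black".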

typo :) brack

u5surf

comment created time in 8 days

Pull request review comment HuKeping/rbtree

Fix golint #33

 type Node struct { }  const (-	RED   = 0+	// RED represents the color of the node is red+	RED = 0+	// BLACK represents the color of the node is brack 	BLACK = 1 ) +// Item has a method to compare its which is less
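
Review bot: the comment added at the end of the hunk, `// Item has a method to compare its which is less`, is missing words, so the contract of `Item` stays unclear. State what is compared against what and what the result means for ordering in the tree.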

typo?

u5surf

comment created time in 8 days

Pull request review comment HuKeping/rbtree

Fix golint #33

  package rbtree +// Iterator is the function of iteration entity
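
Review bot: the comment `// Iterator is the function of iteration entity` under `package rbtree` satisfies the linter but does not say who calls the function or what it is expected to do with each item. Spell out that contract here so the exported type is actually documented.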

we may add a sample to help people to understand the Iterator type, how about

// Iterator is the function of iteration entity which would be 
// used by those functions like `Ascend`, `Dscend`, etc.
//
// A typical Iterator with Print :
// func loop_with_print(item rbtree.Item) bool {
//         i, ok := item.(XXX)
//         if !ok {
//                 return false
//         }
//         fmt.Printf("%+v\n", i)
//         return true
// }

u5surf

comment created time in 8 days

issue comment HuKeping/rbtree

Fix golint warning

Thanks for picking this up @u5surf !

HuKeping

comment created time in 9 days

issue opened DaveGamble/cJSON

Why we specified std=c89 in CMakeLists.txt

I wonder if we could remove this option and leave it to the user?

created time in 10 days

fork HuKeping/cJSON

Ultralightweight JSON parser in ANSI C

fork in 10 days

issue opened HuKeping/rbtree

Fix golint warning

https://goreportcard.com/report/github.com/HuKeping/rbtree#golint

created time in 10 days

issue opened DaveGamble/cJSON

the check for NaN and Infinity is somewhat misleading

I suppose the function compare_double was simply used to compare whether two double values are equal or not, but it actually also does the check for NaN implicitly, which may not be a good practice.

/* securely comparison of floating-point variables */
static cJSON_bool compare_double(double a, double b)
{
    return (fabs(a - b) <= CJSON_DOUBLE_PRECISION);
}

...
/* This checks for NaN and Infinity */
if (!compare_double(d * 0, 0))
{    
    length = sprintf((char*)number_buffer, "null");
}
...

The reason why the above code works fine is because:

    1. a-b returns NaN (no matter whether d is NaN or INF, the result of d * 0 is NaN)
    2. fabs(NaN) returns NaN
    3. All comparisons of NaN with the operators ==, <=, >=, <, > return false, thus NaN <= CJSON_DOUBLE_PRECISION returns false

Compared to the current implementation, I much prefer the original one; it's simple, direct and faster:

/* This checks for NaN and Infinity */
if ((d * 0) != 0)
{
    length = sprintf((char*)number_buffer, "null");
}

I'd love to make a PR if you think it's reasonable.

created time in 10 days
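
The implicit NaN/Infinity check discussed in this issue, next to a check that uses neither == nor != and therefore builds with -std=c89 -Werror=float-equal (the question raised in the earlier comment), as an added example that is not code from cJSON or from the issue author. EXAMPLE_PRECISION, is_nan_or_inf, nan_or_inf_via_compare, fill_samples, count_disagreements and the make_* helpers are names invented here; the tolerance value is an assumption and IEEE 754 doubles are assumed.

```c
#include <float.h>
#include <math.h>
#include <stdio.h>

/* Assumption: the issue does not show the value of CJSON_DOUBLE_PRECISION,
 * so this example uses DBL_EPSILON as a stand-in tolerance. */
#define EXAMPLE_PRECISION DBL_EPSILON

/* Same shape as the compare_double() quoted in the issue. */
static int compare_double(double a, double b)
{
    return (fabs(a - b) <= EXAMPLE_PRECISION);
}

/* The check as the issue quotes it: Inf * 0 and NaN * 0 are both NaN,
 * fabs(NaN) is NaN, and NaN <= x is false, so the comparison "fails". */
static int nan_or_inf_via_compare(double d)
{
    return !compare_double(d * 0, 0);
}

/* Explicit check without == or !=: every ordered comparison with NaN is
 * false and |Inf| is greater than DBL_MAX, so only finite values pass. */
static int is_nan_or_inf(double d)
{
    return !(d >= -DBL_MAX && d <= DBL_MAX);
}

/* Constructed inputs: volatile keeps the compiler from folding the
 * divisions at compile time. */
static double make_inf(void)
{
    volatile double zero = 0.0;
    return 1.0 / zero;
}

static double make_nan(void)
{
    volatile double zero = 0.0;
    return zero / zero;
}

/* Fills out[] with constructed sample values and returns how many. */
static int fill_samples(double *out)
{
    out[0] = 0.0;
    out[1] = -0.0;
    out[2] = 1.5;
    out[3] = DBL_MIN;
    out[4] = DBL_MAX;
    out[5] = -DBL_MAX;
    out[6] = make_inf();
    out[7] = -make_inf();
    out[8] = make_nan();
    return 9;
}

/* Runs both checks over the samples; returns how many results differ. */
static int count_disagreements(void)
{
    double samples[9];
    int n = fill_samples(samples);
    int bad = 0;
    int i;

    for (i = 0; i < n; i++)
    {
        if (nan_or_inf_via_compare(samples[i]) != is_nan_or_inf(samples[i]))
        {
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    double samples[9];
    int n = fill_samples(samples);
    int i;

    printf("%-14s %-12s %s\n", "value", "via_compare", "explicit");
    for (i = 0; i < n; i++)
    {
        printf("%-14g %-12d %d\n", samples[i],
               nan_or_inf_via_compare(samples[i]),
               is_nan_or_inf(samples[i]));
    }
    printf("disagreements: %d\n", count_disagreements());
    return 0;
}
```

Building with -ffast-math or -ffinite-math-only lets the compiler assume NaN and Infinity never occur, which can optimise either check away.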

issue opened DaveGamble/cJSON

use the general comparison epsilon value to perform approximate comparisons

Hi there,

Would you mind using the macro DBL_EPSILON to perform the comparisons for double values?

I think it's more portable since it was defined in float.h.

After bringing in DBL_EPSILON, we could update the comparisons in a more canonical way:

return fabs(a - b) < DBL_EPSILON;

If we don't want to include float.h, there's a simple way to get the value for different platforms:

double get_DBL_EPSILON (void)
{
        double d = 1.0;

        while (1.0 + d/2 != 1.0)  d = d/2;

        return d;
}

I have tested the code above; it gets the right value

value | round
0.5000000000000000000000000000000000000000000000000000000000000000 1
0.2500000000000000000000000000000000000000000000000000000000000000 2
0.1250000000000000000000000000000000000000000000000000000000000000 3
0.0625000000000000000000000000000000000000000000000000000000000000 4
0.0312500000000000000000000000000000000000000000000000000000000000 5
0.0156250000000000000000000000000000000000000000000000000000000000 6
0.0078125000000000000000000000000000000000000000000000000000000000 7
0.0039062500000000000000000000000000000000000000000000000000000000 8
0.0019531250000000000000000000000000000000000000000000000000000000 9
0.0009765625000000000000000000000000000000000000000000000000000000 10
0.0004882812500000000000000000000000000000000000000000000000000000 11
0.0002441406250000000000000000000000000000000000000000000000000000 12
0.0001220703125000000000000000000000000000000000000000000000000000 13
0.0000610351562500000000000000000000000000000000000000000000000000 14
0.0000305175781250000000000000000000000000000000000000000000000000 15
0.0000152587890625000000000000000000000000000000000000000000000000 16
0.0000076293945312500000000000000000000000000000000000000000000000 17
0.0000038146972656250000000000000000000000000000000000000000000000 18
0.0000019073486328125000000000000000000000000000000000000000000000 19
0.0000009536743164062500000000000000000000000000000000000000000000 20
0.0000004768371582031250000000000000000000000000000000000000000000 21
0.0000002384185791015625000000000000000000000000000000000000000000 22
0.0000001192092895507812500000000000000000000000000000000000000000 23
0.0000000596046447753906250000000000000000000000000000000000000000 24
0.0000000298023223876953125000000000000000000000000000000000000000 25
0.0000000149011611938476562500000000000000000000000000000000000000 26
0.0000000074505805969238281250000000000000000000000000000000000000 27
0.0000000037252902984619140625000000000000000000000000000000000000 28
0.0000000018626451492309570312500000000000000000000000000000000000 29
0.0000000009313225746154785156250000000000000000000000000000000000 30
0.0000000004656612873077392578125000000000000000000000000000000000 31
0.0000000002328306436538696289062500000000000000000000000000000000 32
0.0000000001164153218269348144531250000000000000000000000000000000 33
0.0000000000582076609134674072265625000000000000000000000000000000 34
0.0000000000291038304567337036132812500000000000000000000000000000 35
0.0000000000145519152283668518066406250000000000000000000000000000 36
0.0000000000072759576141834259033203125000000000000000000000000000 37
0.0000000000036379788070917129516601562500000000000000000000000000 38
0.0000000000018189894035458564758300781250000000000000000000000000 39
0.0000000000009094947017729282379150390625000000000000000000000000 40
0.0000000000004547473508864641189575195312500000000000000000000000 41
0.0000000000002273736754432320594787597656250000000000000000000000 42
0.0000000000001136868377216160297393798828125000000000000000000000 43
0.0000000000000568434188608080148696899414062500000000000000000000 44
0.0000000000000284217094304040074348449707031250000000000000000000 45
0.0000000000000142108547152020037174224853515625000000000000000000 46
0.0000000000000071054273576010018587112426757812500000000000000000 47
0.0000000000000035527136788005009293556213378906250000000000000000 48
0.0000000000000017763568394002504646778106689453125000000000000000 49
0.0000000000000008881784197001252323389053344726562500000000000000 50
0.0000000000000004440892098500626161694526672363281250000000000000 51
0.0000000000000002220446049250313080847263336181640625000000000000 52

get_DBL_EPSILON is :0.0000000000000002220446049250313080847263336181640625
get_DBL_EPSILON is :2.220446049250313080847263336181640625e-16
Macro DBL_EPSILON is :0.0000000000000002220446049250313080847263336181640625
Macro DBL_EPSILON is :2.220446049250313080847263336181640625e-16

created time in 10 days

pull request comment theupdateframework/notary

Feature/go modules

the vendor directory allows for easier reviewing of the actual code being used.

agreed, go modules makes deps more like a black-box.

marcofranssen

comment created time in 12 days

pull request comment theupdateframework/notary

Feature/go modules

Would you mind not changing the golang version for those docker images, or is there any reason we must upgrade it?

The rest LGTM!

Any suggestions please @thaJeztah @justincormack

marcofranssen

comment created time in 12 days

issue comment theupdateframework/notary

switch to go modules

Would like to be closed by #1451 or #1523

HuKeping

comment created time in 12 days

issue opened theupdateframework/notary

switch to go modules

use go modules to make dependency version information explicit and easier to manage

created time in 12 days

pull request comment theupdateframework/notary

Feature/go modules

love to see go modules reduce tons of code base, seems duplicated with #1451?

marcofranssen

comment created time in 13 days

pull request comment theupdateframework/notary

Upgrade docker images to Go 1.13.6

I'm a little worried about the update of golang; it cost quite a lot of time to fix CI when we updated it last time.

marcofranssen

comment created time in 13 days

push event theupdateframework/notary

Marco Franssen

commit sha a6dea75a04b93e74880155fd41dd2aeef9866245

Bump mariadb from 10.1.28 to 10.4

HuKeping

commit sha f255ae779066dc28ae4aee196061e58bb38a2b49

Merge pull request #1520 from marcofranssen/master

Bump mariadb from 10.1.28 to 10.4

push time in 13 days

PR merged theupdateframework/notary

Bump mariadb from 10.1.28 to 10.4

Bumped the mariadb container used in docker-compose to 10.4 docker image.

+2 -2

0 comment

2 changed files

marcofranssen

pr closed time in 13 days

fork HuKeping/lzbench

lzbench is an in-memory benchmark of open-source LZ77/LZSS/LZMA compressors

fork in 14 days

started inikep/lzbench

started time in 14 days

push event theupdateframework/notary

Kim Bao Long

commit sha 48b3e344592878a03918a30dd76541296b36d8de

Remove duplicated words

Although it is spelling mistakes, it might make an affects while reading.

Signed-off-by: Kim Bao Long <longkb@vn.fujitsu.com>

HuKeping

commit sha 5b8946ccb2fe7bd7b5a1c893ceb3191d09bf2fad

Merge pull request #1519 from longkb/remove_duplicated_words

Remove duplicated words

push time in 19 days

PR merged theupdateframework/notary

Remove duplicated words

Although it is spelling mistakes, it might make an affects while reading.

Signed-off-by: Kim Bao Long longkb@vn.fujitsu.com

+5 -5

0 comment

4 changed files

longkb

pr closed time in 19 days

issue comment theupdateframework/notary

* fatal: unable to reach trust server at this time: 301.

yes, agree, we need some approve.

ralgozino

comment created time in 2 months

issue comment theupdateframework/notary

* fatal: unable to reach trust server at this time: 301.

The trailing slash on the root domain does not matter, these two should be considered as equivalent:

  • https://notary-server:4443/
  • https://notary-server:4443

ralgozino

comment created time in 2 months

Pull request review comment theupdateframework/notary

CircleCI: run jobs in parallel

 jobs:           command: |             docker version             docker info+            docker-compose version       - run:           name: "Build image"           command: docker build --progress=plain -t notary_client .-      - run: ./buildscripts/circle_parallelism.sh-      - run: docker-compose -f docker-compose.yml down -v && docker-compose -f docker-compose.rethink.yml down -v+      - run:+          name: "ci"+          command: docker run --rm -e NOTARY_BUILDTAGS --env-file buildscripts/env.list --user notary notary_client bash -c "make ci && codecov"+      - run:+          name: "Teardown"+          command: docker-compose -f docker-compose.yml down -v && docker-compose -f docker-compose.rethink.yml down -v++  job_02:+    machine:+      image: ubuntu-1604:201903-01+    working_directory: ~/go/src/github.com/theupdateframework/notary+    environment:+      NOTARY_BUILDTAGS: none+      DOCKER_BUILDKIT: 1+    steps:+      - add_ssh_keys+      - checkout+      - run:+          name: "Docker Info"+          command: |+            docker version+            docker info+            docker-compose version+      - run:+          name: "Build image"+          command: docker build --progress=plain -t notary_client .+      - run:+          name: "ci"+          command: docker run --rm -e NOTARY_BUILDTAGS --env-file buildscripts/env.list --user notary notary_client bash -c "make ci && codecov"
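
Review bot: `job_02` repeats the "Docker Info", "Build image" and "ci" steps of the preceding job line for line, and in the visible lines only its `environment` block (`NOTARY_BUILDTAGS: none`) sets it apart. Define the shared steps once (a YAML anchor or a reusable CircleCI command) and name the job after its build tag, so the copies cannot drift apart. Note also that `bash -c "make ci && codecov"` makes a failed coverage upload fail the whole step; confirm that is intended.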

NOTARY_BUILDTAGS=none?

EDIT: ah, ok, you define it over there.

thaJeztah

comment created time in 3 months

push event theupdateframework/notary

Sebastiaan van Stijn

commit sha 219bf8fbc0f1b3588ca1f5b815a5c2c9c8e5d07a

Makefile: disable debug to make CI more readable

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

HuKeping

commit sha 92dde9576642c840ae5bc170413f0f7cfc29847c

Merge pull request #1510 from thaJeztah/disable_debug

Makefile: disable debug to make CI more readable

CodeCov failure unrelated with this commit.

push time in 3 months

PR merged theupdateframework/notary

Makefile: disable debug to make CI more readable

CI was quite noisy, and probably could do without the -debug option (I think it can still be enabled by setting a DEBUG env-var if needed)

+1 -1

2 comments

1 changed file

thaJeztah

pr closed time in 3 months

pull request comment theupdateframework/notary

Private keys and passwords present.

closing.

Please feel free to reopen it if any further work needs to be done.

the4rchangel

comment created time in 3 months

pull request comment theupdateframework/notary

Makefile: disable debug to make CI more readable

merging.

thaJeztah

comment created time in 3 months

issue comment theupdateframework/notary

Helm chart for Notary

@HuKeping It's not clear to me if you're saying that you don't think it makes sense to bring more contributors to the community, or if you're just not sure if that's the target.

Sorry for being misleading. I mean if the reason we bring in the Helm chart is to bring more contributors to the community, that would not make much sense.

patoarvizu

comment created time in 3 months

issue comment theupdateframework/notary

Helm chart for Notary

Furthermore, having the examples co-exist with the core code can (in my opinion) remove the cognitive wall of having two separate repos, and potentially encourage more community contributions.

I agree it may increase the activity of this project if we put these two together, but in the meantime I also think it doesn't make much sense if the target is to bring more contributors to this community.

On the other hand, I think part of the value of adding this here, is that it shows activity and signals interest in the project (in the context of this proposal).

I've noticed the proposal at CNCF TOC. I think they're just doing their job: supervising the projects under CNCF and seeing if there's anything that they could help with.

patoarvizu

comment created time in 3 months

issue comment theupdateframework/notary

Helm chart for Notary

Furthermore, having the examples co-exist with the core code can (in my opinion) remove the cognitive wall of having two separate repos, and potentially encourage more community contributions.

I agree it may increase the activity of this project if we put these two together, but in the meantime I also think it doesn't make much sense if the target is to bring more contributors to this community.

I've noticed the proposal at CNCF TOC. I think they're just doing their job: supervising the projects under CNCF and seeing if there's anything that they could help with.

patoarvizu

comment created time in 3 months

pull request comment theupdateframework/notary

Add helm chart

Let's have a discussion about bringing in the helm chart at #1502 and leave the reviewing work here.

patoarvizu

comment created time in 3 months

issue comment theupdateframework/notary

Helm chart for Notary

Do we really want to introduce helm to this git repo (for notary source code)?

Actually I don't like the docker-compose.yml being here either, but since it can serve as a guide to show people how to deploy notary-server and notary-signer and is simple enough, I haven't dropped it.

I'm wondering whether we should create another, separate git repo to hold those templates, such as notary-template-helm and notary-template-docker-compose, rather than tying them to this git repo.

thoughts @theupdateframework/notary-maintainers ?

patoarvizu

comment created time in 3 months

Pull request review comment theupdateframework/notary

Private keys and passwords present.

 import ( )  func getRSAKey() (data.PrivateKey, error) {-	raw := []byte(`-----BEGIN RSA PRIVATE KEY-----

it seems no risk here

the4rchangel

comment created time in 3 months

pull request comment theupdateframework/notary

Add helm chart

Apologies @patoarvizu! I noticed this PR a few days ago, but haven't found a time slot to get to it since it's quite big for this project.

patoarvizu

comment created time in 3 months

push event theupdateframework/notary

Sebastiaan van Stijn

commit sha 5f9bd7689d050d9342586fa3418205007587561a

Fix gosec linter results not being printed

Before this, `make lint` would fail, but the output of the linter would be discarded, making it unclear what caused the failure:

docker build -t notary_client . && docker run -it --rm -e NOTARY_BUILDTAGS=pkcs11 notary_client sh -c 'make lint'
...
[gosec] 2019/10/16 11:11:04 Checking file: /go/src/github.com/theupdateframework/notary/utils/http.go
make: *** [Makefile:106: lint] Error 1

This problem occurred, because there was an actual linting error, and the code to check for failures did so by checking the output of the csv file to be empty;

test -z "$$(cat gas_output.csv | tee /dev/stderr)"

In this case, it was not, and the file contained:

/go/src/github.com/theupdateframework/notary/cmd/notary-server/main.go,8,Profiling endpoint is automatically exposed on /debug/pprof,HIGH,HIGH,"_ ""net/http/pprof"""

In which case, the code tried to evaluate the output;

"$(echo /go/src/github.com/theupdateframework/notary/cmd/notary-server/main.go,8,Profiling endpoint is automatically exposed on /debug/pprof,HIGH,HIGH,"_ ""net/http/pprof""")"
bash: /go/src/github.com/theupdateframework/notary/cmd/notary-server/main.go,8,Profiling endpoint is automatically exposed on /debug/pprof,HIGH,HIGH,_ net/http/pprof: No such file or directory

This patch changes the approach, and:

- makes sure no csv file is in place before the test
- using the exit-code of the linter as indication it failed (instead of checking for the file to be empty)
- in which case, the output of the file is printed on stderr, and the script exited with a non-zero status
- renames the csv-file from gas_output.csv to gosec_output.csv, to match the new name of the linter

With this patch applied:

docker build -t notary_client . && docker run -it --rm -e NOTARY_BUILDTAGS=pkcs11 notary_client sh -c 'make lint'
...
[gosec] 2019/10/16 11:13:20 Checking file: /go/src/github.com/theupdateframework/notary/signer/api/rpc_api.go
/go/src/github.com/theupdateframework/notary/cmd/notary-server/main.go,8,Profiling endpoint is automatically exposed on /debug/pprof,HIGH,HIGH,"_ ""net/http/pprof"""
make: *** [Makefile:107: lint] Error 1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

HuKeping

commit sha b6b9f01becbdaa7baf1dd723289e540fb8bc0d4a

Merge pull request #1505 from thaJeztah/fix_gosec_output

Fix gosec linter results not being printed

push time in 3 months

PR merged theupdateframework/notary

Fix gosec linter results not being printed

Before this, make lint would fail, but the output of the linter would be discarded, making it unclear what caused the failure:

docker build -t notary_client . && docker run -it --rm -e NOTARY_BUILDTAGS=pkcs11 notary_client sh -c 'make lint'
...
[gosec] 2019/10/16 11:11:04 Checking file: /go/src/github.com/theupdateframework/notary/utils/http.go
make: *** [Makefile:106: lint] Error 1

This problem occurred, because there was an actual linting error, and the code to check for failures did so by checking the output of the csv file to be empty;

test -z "$$(cat gas_output.csv | tee /dev/stderr)"

In this case, it was not, and the file contained:

/go/src/github.com/theupdateframework/notary/cmd/notary-server/main.go,8,Profiling endpoint is automatically exposed on /debug/pprof,HIGH,HIGH,"_ ""net/http/pprof"""

In which case, the code tried to evaluate the output;

"$(echo /go/src/github.com/theupdateframework/notary/cmd/notary-server/main.go,8,Profiling endpoint is automatically exposed on /debug/pprof,HIGH,HIGH,"_ ""net/http/pprof""")"
bash: /go/src/github.com/theupdateframework/notary/cmd/notary-server/main.go,8,Profiling endpoint is automatically exposed on /debug/pprof,HIGH,HIGH,_ net/http/pprof: No such file or directory

This patch changes the approach, and:

  • makes sure no csv file is in place before the test
  • using the exit-code of the linter as indication it failed (instead of checking for the file to be empty)
  • in which case, the output of the file is printed on stderr, and the script exited with a non-zero status
  • renames the csv-file from gas_output.csv to gosec_output.csv, to match the new name of the linter

With this patch applied:

docker build -t notary_client . && docker run -it --rm -e NOTARY_BUILDTAGS=pkcs11 notary_client sh -c 'make lint'
...
[gosec] 2019/10/16 11:13:20 Checking file: /go/src/github.com/theupdateframework/notary/signer/api/rpc_api.go
/go/src/github.com/theupdateframework/notary/cmd/notary-server/main.go,8,Profiling endpoint is automatically exposed on /debug/pprof,HIGH,HIGH,"_ ""net/http/pprof"""
make: *** [Makefile:107: lint] Error 1

+3 -2

3 comments

2 changed files

thaJeztah

pr closed time in 3 months

pull request comment theupdateframework/notary

Fix gosec linter results not being printed

This PR has nothing to do with the codecov check.

LGTM!

thaJeztah

comment created time in 3 months

pull request comment theupdateframework/notary

Bump golang 1.12.10 (CVE-2019-9512, CVE-2019-9514, CVE-2019-16276)

Thanks @thaJeztah, let's get to #1505 and #1506 first.

thaJeztah

comment created time in 3 months

push event thaJeztah/notary

Sebastiaan van Stijn

commit sha db73f4002596d4ff7997f236b471d862c2120e91

gosec: ignore G108: Profiling endpoint automatically exposed

This was a false positive, as no server is started unless -debug is enabled.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

HuKeping

commit sha bd18eb9ad583965843adf6c2133ba7aa24699c97

Merge pull request #1506 from thaJeztah/fix_gosec_g108

gosec: ignore G108: Profiling endpoint automatically exposed

Sebastiaan van Stijn

commit sha 5d939572d7fa28f6a95c5d4f2bdd0c6a92181976

Fix "make test" broken on Go 1.13

This fixes the tests being broken on Go 1.13 and up, which is caused by a change in Go 1.13: https://golang.org/doc/go1.13#testing

> Testing flags are now registered in the new Init function, which is invoked by
> the generated main function for the test. As a result, testing flags are now only
> registered when running a test binary, and packages that call flag.Parse during
> package initialization may cause tests to fail.

Before this change:

make test

ok  	github.com/theupdateframework/notary/client/changelist	(cached)
flag provided but not defined: -test.testlogfile
Usage of /var/folders/c_/vjh56sc12fd2b_q2n02_lt140000gn/T/go-build270388911/b229/escrow.test:
  -config string
    	path to configuration file; supported formats are JSON, YAML, and TOML (default "config.toml")
...
FAIL
make: *** [test] Error 1

With this patch applied, the test complete successfully

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

HuKeping

commit sha 49188000ccb4973951f607f437d936b50275f5fb

Merge pull request #1507 from thaJeztah/fix_testing_go_1.13

Fix "make test" broken on Go 1.13

Sebastiaan van Stijn

commit sha 5f9bd7689d050d9342586fa3418205007587561a

Fix gosec linter results not being printed

Before this, `make lint` would fail, but the output of the linter would be discarded, making it unclear what caused the failure:

docker build -t notary_client . && docker run -it --rm -e NOTARY_BUILDTAGS=pkcs11 notary_client sh -c 'make lint'
...
[gosec] 2019/10/16 11:11:04 Checking file: /go/src/github.com/theupdateframework/notary/utils/http.go
make: *** [Makefile:106: lint] Error 1

This problem occurred, because there was an actual linting error, and the code to check for failures did so by checking the output of the csv file to be empty;

test -z "$$(cat gas_output.csv | tee /dev/stderr)"

In this case, it was not, and the file contained:

/go/src/github.com/theupdateframework/notary/cmd/notary-server/main.go,8,Profiling endpoint is automatically exposed on /debug/pprof,HIGH,HIGH,"_ ""net/http/pprof"""

In which case, the code tried to evaluate the output;

"$(echo /go/src/github.com/theupdateframework/notary/cmd/notary-server/main.go,8,Profiling endpoint is automatically exposed on /debug/pprof,HIGH,HIGH,"_ ""net/http/pprof""")"
bash: /go/src/github.com/theupdateframework/notary/cmd/notary-server/main.go,8,Profiling endpoint is automatically exposed on /debug/pprof,HIGH,HIGH,_ net/http/pprof: No such file or directory

This patch changes the approach, and:

- makes sure no csv file is in place before the test
- using the exit-code of the linter as indication it failed (instead of checking for the file to be empty)
- in which case, the output of the file is printed on stderr, and the script exited with a non-zero status
- renames the csv-file from gas_output.csv to gosec_output.csv, to match the new name of the linter

With this patch applied:

docker build -t notary_client . && docker run -it --rm -e NOTARY_BUILDTAGS=pkcs11 notary_client sh -c 'make lint'
...
[gosec] 2019/10/16 11:13:20 Checking file: /go/src/github.com/theupdateframework/notary/signer/api/rpc_api.go
/go/src/github.com/theupdateframework/notary/cmd/notary-server/main.go,8,Profiling endpoint is automatically exposed on /debug/pprof,HIGH,HIGH,"_ ""net/http/pprof"""
make: *** [Makefile:107: lint] Error 1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

push time in 3 months

pull request comment theupdateframework/notary

Fix gosec linter results not being printed

Amazing! I love this change.

thaJeztah

comment created time in 3 months

PR merged theupdateframework/notary

Fix "make test" broken on Go 1.13

This fixes the tests being broken on Go 1.13 and up, which is caused by a change in Go 1.13: https://golang.org/doc/go1.13#testing

Testing flags are now registered in the new Init function, which is invoked by the generated main function for the test. As a result, testing flags are now only registered when running a test binary, and packages that call flag.Parse during package initialization may cause tests to fail.

Before this change:

make test

ok  	github.com/theupdateframework/notary/client/changelist	(cached)
flag provided but not defined: -test.testlogfile
Usage of /var/folders/c_/vjh56sc12fd2b_q2n02_lt140000gn/T/go-build270388911/b229/escrow.test:
  -config string
    	path to configuration file; supported formats are JSON, YAML, and TOML (default "config.toml")
...
FAIL
make: *** [test] Error 1

With this patch applied, the test complete successfully

+1 -1

1 comment

1 changed file

thaJeztah

pr closed time in 3 months

push event theupdateframework/notary

Sebastiaan van Stijn

commit sha 5d939572d7fa28f6a95c5d4f2bdd0c6a92181976

Fix "make test" broken on Go 1.13

This fixes the tests being broken on Go 1.13 and up, which is caused by a change in Go 1.13: https://golang.org/doc/go1.13#testing

> Testing flags are now registered in the new Init function, which is invoked by
> the generated main function for the test. As a result, testing flags are now only
> registered when running a test binary, and packages that call flag.Parse during
> package initialization may cause tests to fail.

Before this change:

make test

ok  	github.com/theupdateframework/notary/client/changelist	(cached)
flag provided but not defined: -test.testlogfile
Usage of /var/folders/c_/vjh56sc12fd2b_q2n02_lt140000gn/T/go-build270388911/b229/escrow.test:
  -config string
    	path to configuration file; supported formats are JSON, YAML, and TOML (default "config.toml")
...
FAIL
make: *** [test] Error 1

With this patch applied, the test complete successfully

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

HuKeping

commit sha 49188000ccb4973951f607f437d936b50275f5fb

Merge pull request #1507 from thaJeztah/fix_testing_go_1.13

Fix "make test" broken on Go 1.13

push time in 3 months

push eventthaJeztah/notary

yuxiaobo

commit sha effff7596032b6b4f7cbb4269a32a908c6a3e443

Correct spelling mistakes. Signed-off-by: yuxiaobo <yuxiaobogo@163.com>

view details

HuKeping

commit sha 62258bc0beb3bdc41de1e927a57acaee06bebe4b

Merge pull request #1498 from yuxiaobo96/notary-fix2 Correct spelling mistakes

view details

Sebastiaan van Stijn

commit sha db73f4002596d4ff7997f236b471d862c2120e91

gosec: ignore G108: Profiling endpoint automatically exposed This was a false positive, as no server is started unless -debug is enabled. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

HuKeping

commit sha bd18eb9ad583965843adf6c2133ba7aa24699c97

Merge pull request #1506 from thaJeztah/fix_gosec_g108 gosec: ignore G108: Profiling endpoint automatically exposed

Sebastiaan van Stijn

commit sha 5d939572d7fa28f6a95c5d4f2bdd0c6a92181976

Fix "make test" broken on Go 1.13

This fixes the tests being broken on Go 1.13 and up, which is caused by a change in Go 1.13: https://golang.org/doc/go1.13#testing

> Testing flags are now registered in the new Init function, which is invoked by
> the generated main function for the test. As a result, testing flags are now only
> registered when running a test binary, and packages that call flag.Parse during
> package initialization may cause tests to fail.

Before this change:

    make test
    ok github.com/theupdateframework/notary/client/changelist (cached)
    flag provided but not defined: -test.testlogfile
    Usage of /var/folders/c_/vjh56sc12fd2b_q2n02_lt140000gn/T/go-build270388911/b229/escrow.test:
      -config string
        path to configuration file; supported formats are JSON, YAML, and TOML (default "config.toml")
    ...
    FAIL
    make: *** [test] Error 1

With this patch applied, the tests complete successfully

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

push time in 3 months

pull request comment theupdateframework/notary

Fix "make test" broken on Go 1.13

Oops, rebase needed.

thaJeztah

comment created time in 3 months

push event theupdateframework/notary

Sebastiaan van Stijn

commit sha db73f4002596d4ff7997f236b471d862c2120e91

gosec: ignore G108: Profiling endpoint automatically exposed

This was a false positive, as no server is started unless -debug is enabled.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

HuKeping

commit sha bd18eb9ad583965843adf6c2133ba7aa24699c97

Merge pull request #1506 from thaJeztah/fix_gosec_g108 gosec: ignore G108: Profiling endpoint automatically exposed

push time in 3 months

PR merged theupdateframework/notary

gosec: ignore G108: Profiling endpoint automatically exposed

This was a false positive, as no server is started unless -debug is enabled.

Also see https://github.com/theupdateframework/notary/pull/1505, which fixes CI to print the actual failure

+1 -1

2 comments

1 changed file

thaJeztah

pr closed time in 3 months

push event thaJeztah/notary

yuxiaobo

commit sha effff7596032b6b4f7cbb4269a32a908c6a3e443

Correct spelling mistakes. Signed-off-by: yuxiaobo <yuxiaobogo@163.com>

HuKeping

commit sha 62258bc0beb3bdc41de1e927a57acaee06bebe4b

Merge pull request #1498 from yuxiaobo96/notary-fix2 Correct spelling mistakes

Sebastiaan van Stijn

commit sha 21e471f4c00ecd94b83135cd8704c1470e6b5b65

Bump golang 1.12.8 (CVE-2019-9512, CVE-2019-9514)

go1.12.8 (released 2019/08/13) includes security fixes to the net/http and net/url packages. See the Go 1.12.8 milestone on our issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.12.8

- net/http: Denial of Service vulnerabilities in the HTTP/2 implementation

net/http and golang.org/x/net/http2 servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. Servers will now close connections if the send queue accumulates too many control messages. The issues are CVE-2019-9512 and CVE-2019-9514, and Go issue golang.org/issue/33606. Thanks to Jonathan Looney from Netflix for discovering and reporting these issues.

This is also fixed in version v0.0.0-20190813141303-74dc4d7220e7 of golang.org/x/net/http2.

net/url: parsing validation issue

- url.Parse would accept URLs with malformed hosts, such that the Host field could have arbitrary suffixes that would appear in neither Hostname() nor Port(), allowing authorization bypasses in certain applications. Note that URLs with invalid, not numeric ports will now return an error from url.Parse. The issue is CVE-2019-14809 and Go issue golang.org/issue/29098. Thanks to Julian Hector and Nikolai Krein from Cure53, and Adi Cohen (adico.me) for discovering and reporting this issue.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Sebastiaan van Stijn

commit sha 4307a529c39b2a6c5af0d665766100dccbe6661a

Use golang-migrate/migrate, because mattes/migrate was archived Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Sebastiaan van Stijn

commit sha 211715bdf7803ea3f0cc2af9375404682e8e3757

Pin golang-migrate to v4.6.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

push time in 4 months

push event yuxiaobo96/notary

yuxiaobo

commit sha effff7596032b6b4f7cbb4269a32a908c6a3e443

Correct spelling mistakes. Signed-off-by: yuxiaobo <yuxiaobogo@163.com>

HuKeping

commit sha 62258bc0beb3bdc41de1e927a57acaee06bebe4b

Merge pull request #1498 from yuxiaobo96/notary-fix2 Correct spelling mistakes

yuxiaobo

commit sha 16983022195c116b511a8e2099c6518e440cc05e

Grammatical correction Signed-off-by: yuxiaobo <yuxiaobogo@163.com>

push time in 4 months

push event thaJeztah/notary

yuxiaobo

commit sha effff7596032b6b4f7cbb4269a32a908c6a3e443

Correct spelling mistakes. Signed-off-by: yuxiaobo <yuxiaobogo@163.com>

HuKeping

commit sha 62258bc0beb3bdc41de1e927a57acaee06bebe4b

Merge pull request #1498 from yuxiaobo96/notary-fix2 Correct spelling mistakes

Sebastiaan van Stijn

commit sha 97ce29333252f7fd878178540cb12b5fb77d1463

CircleCI: update image, and use BuildKit Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

push time in 4 months

pull request comment theupdateframework/notary

CircleCI: update image, and use BuildKit

As per https://discuss.circleci.com/t/default-machine-executor-image-update/29308, I'd like to merge this PR, otherwise we should change the image to circleci/classic:201710-01 which is tooooooooooooooooooooo old.

I don't like the image name without the prefix circleci, but it seems we have no better choice.

Thoughts, @justincormack?

thaJeztah

comment created time in 4 months

push event theupdateframework/notary

yuxiaobo

commit sha effff7596032b6b4f7cbb4269a32a908c6a3e443

Correct spelling mistakes. Signed-off-by: yuxiaobo <yuxiaobogo@163.com>

HuKeping

commit sha 62258bc0beb3bdc41de1e927a57acaee06bebe4b

Merge pull request #1498 from yuxiaobo96/notary-fix2 Correct spelling mistakes

push time in 4 months

PR merged theupdateframework/notary

Correct spelling mistakes

Signed-off-by: yuxiaobo <yuxiaobogo@163.com>

Correct spelling mistakes.

+1 -1

2 comments

1 changed file

yuxiaobo96

pr closed time in 4 months

fork HuKeping/ninja

a small build system with a focus on speed

https://ninja-build.org/

fork in 4 months

started ninja-build/ninja

started time in 4 months
